package com.qf.shrio2203.config;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition(){
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
        //无需登录就可以访问
        definition.addPathDefinition("/a.html","authc");
        //登录后访问
        definition.addPathDefinition("/b.html","authc,roles[admin]");
        // url需要当前用户拥有document:read权限才可以访问
        definition.addPathDefinition("/c.html","perms[document:read]");
        // url无需登录即可访问
        definition.addPathDefinition("/d.html","anon");
        definition.addPathDefinition("/user/login","anon");
        definition.addPathDefinition("/regist.html","anon");
        definition.addPathDefinition("/user/login","anon");
        definition.addPathDefinition("/user/regist","anon");
        definition.addPathDefinition("/error","anon");

        //如下配置代表可以免登录，user代表过滤器名字
        definition.addPathDefinition("/home.html","user");
        //所有都要登录才可以访问，上面配置了anon的除外（顺序有关）（通配稍微靠后）
//        definition.addPathDefinition("/**","authc");
        return definition;
    }

    @Bean
    public Realm realm() {
        CustomRealm customRealm = new CustomRealm();
        //设置密码处理方式
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();

        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(1024);

        customRealm.setCredentialsMatcher(hashedCredentialsMatcher);

        return customRealm;
    }
}
